Re: DJB's students release 44 *nix software vulnerability advisories

From: milw0rm Inc. (milw0rm_at_gmail.com)
Date: 12/21/04

  • Next message: Marcus Meissner: "SUSE Security Announcement: various kernel problems (SUSE-SA:2004:044)"
    Date: Tue, 21 Dec 2004 14:34:20 -0600
    To: bugtraq@securityfocus.com
    
    

    /*
    Two points.
    Regarding local versus remote, look at it this way: You have a 100%
    secure system. Then you install NASM. Now a user FROM THE NETWORK can
    send you some tainted assembly code for you to assemble and he can
    compromise your account.
    */

    quote "for you to assemble"

    Its a user error. Your not remotely exploiting anything but the trust
    from the user.

    //str0ke


  • Next message: Marcus Meissner: "SUSE Security Announcement: various kernel problems (SUSE-SA:2004:044)"

    Relevant Pages